Example 31 with Token

use of org.forgerock.oauth2.core.Token in project OpenAM by OpenRock.

the class OpenAMOAuth2ProviderSettings method createRSAJWK.

private Map<String, Object> createRSAJWK(RSAPublicKey key, KeyUse use, String alg) throws ServerException {
    String alias = null;
    try {
        alias = getStringSetting(realm, OAuth2Constants.OAuth2ProviderService.KEYSTORE_ALIAS);
    } catch (SSOException | SMSException e) {
        logger.error(e.getMessage());
        throw new ServerException(e);
    }
    if (StringUtils.isBlank(alias)) {
        logger.error("Alias of ID Token Signing Key not set.");
        throw new ServerException("Alias of ID Token Signing Key not set.");
    } else if ("test".equals(alias)) {
        logger.warning("Alias of ID Token Signing Key should be changed from default, 'test'.");
    }
    String kid = Hash.hash(alias + key.getModulus().toString() + key.getPublicExponent().toString());
    return json(object(field("kty", "RSA"), field(OAuth2Constants.JWTTokenParams.KEY_ID, kid), field("use", use.toString()), field("alg", alg), field("n", Base64url.encode(key.getModulus().toByteArray())), field("e", Base64url.encode(key.getPublicExponent().toByteArray())))).asMap();
}
Also used : ServerException(org.forgerock.oauth2.core.exceptions.ServerException) SMSException(com.sun.identity.sm.SMSException) SSOException(com.iplanet.sso.SSOException)
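Two points about the kid and the n/e encoding in the method above are worth checking in any JWK publisher. First, the kid is a hash of the keystore alias plus the modulus and exponent, so renaming the alias changes the kid even when the key does not. Second, java.math.BigInteger.toByteArray() returns a two's-complement encoding: for any modulus whose leading bit is set (every full-size RSA modulus) it prepends a 0x00 sign byte, while the Base64urlUInt encoding that RFC 7518 section 2 requires for "n" and "e" is the unsigned big-endian value in the minimum number of octets. Unless Base64url.encode strips that byte, the published "n" carries one octet more than the specification allows; many consumers tolerate it, but an RFC 7638 thumbprint computed over it will not match the key's thumbprint. The following is an added example, not OpenAM code, written in Python with the standard library only: it derives the kid as the RFC 7638 thumbprint so the identifier is bound to the key material alone, encodes n and e as unsigned octets, and shows the extra sign byte that the Java toByteArray() route produces. The sample modulus is a constructed integer, not a real RSA key.

```python
import base64
import hashlib
import json


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, as JOSE requires (RFC 7515 section 2)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode; restores the padding base64 needs."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def unsigned_big_endian(value: int) -> bytes:
    """Base64urlUInt input per RFC 7518 section 2: unsigned big-endian in the
    minimum number of octets, so never a leading 0x00."""
    return value.to_bytes((value.bit_length() + 7) // 8, "big")


def java_to_byte_array(value: int) -> bytes:
    """Emulates java.math.BigInteger.toByteArray(): minimal two's-complement
    big-endian, which prepends a 0x00 sign byte whenever the top bit of the
    leading octet is set, as it is for every full-size RSA modulus."""
    return value.to_bytes(value.bit_length() // 8 + 1, "big")


def rsa_jwk_thumbprint(n: int, e: int) -> str:
    """RFC 7638 thumbprint: SHA-256 over the JSON that holds only the required
    members (e, kty, n), keys in lexicographic order, no whitespace."""
    canonical = json.dumps(
        {"e": b64url_encode(unsigned_big_endian(e)), "kty": "RSA",
         "n": b64url_encode(unsigned_big_endian(n))},
        sort_keys=True, separators=(",", ":"))
    return b64url_encode(hashlib.sha256(canonical.encode("utf-8")).digest())


def rsa_public_jwk(n: int, e: int, use: str = "sig", alg: str = "RS256") -> dict:
    """Public JWK whose kid is the key thumbprint (a design choice of this
    example): rotating the key changes kid, renaming a keystore alias does not."""
    return {
        "kty": "RSA",
        "kid": rsa_jwk_thumbprint(n, e),
        "use": use,
        "alg": alg,
        "n": b64url_encode(unsigned_big_endian(n)),
        "e": b64url_encode(unsigned_big_endian(e)),
    }


# Constructed sample: a 2048-bit odd integer with the top bit set. It is not a
# real RSA modulus; only its octet encoding matters for this example.
SAMPLE_N = (1 << 2047) | 0x1234_5678_9ABC_DEF0_0FED_CBA9_8765_4321 | 1
SAMPLE_E = 65537
```

Calling rsa_public_jwk(SAMPLE_N, SAMPLE_E) yields an "n" of exactly 256 octets and "e" of "AQAB"; java_to_byte_array(SAMPLE_N) is 257 octets long with a leading zero, which is the discrepancy described above. The exponent 65537 is unaffected because its leading octet is 0x01.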

Example 32 with Token

use of org.forgerock.oauth2.core.Token in project OpenAM by OpenRock.

the class EndSession method endSession.

/**
 * Handles GET requests to the OpenId Connect end session endpoint for ending OpenId Connect user sessions.
 *
 * @return A redirect Representation when a post_logout_redirect_uri was supplied, otherwise null.
 * @throws OAuth2RestletException If an error occurs whilst ending the user's session.
 */
@Get
public Representation endSession() throws OAuth2RestletException {
    final OAuth2Request request = requestFactory.create(getRequest());
    final String idToken = request.getParameter(OAuth2Constants.Params.END_SESSION_ID_TOKEN_HINT);
    final String redirectUri = request.getParameter(OAuth2Constants.Params.POST_LOGOUT_REDIRECT_URI);
    try {
        openIDConnectEndSession.endSession(idToken);
        if (StringUtils.isNotEmpty(redirectUri)) {
            return handleRedirect(request, idToken, redirectUri);
        }
    } catch (OAuth2Exception e) {
        throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), null);
    }
    return null;
}
Also used : OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) OAuth2RestletException(org.forgerock.oauth2.restlet.OAuth2RestletException) OAuth2Exception(org.forgerock.oauth2.core.exceptions.OAuth2Exception) Get(org.restlet.resource.Get)
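The endpoint above takes post_logout_redirect_uri straight from the request and, when it is present, hands it together with the id_token_hint to handleRedirect, whose body is not shown on this page. Whatever that method does, the check that stands between a logout endpoint and an open redirect is that the requested URI must equal one the client registered, with the client identified from the id_token_hint rather than from anything else the requester supplies. The following is an added example, not OpenAM code: a stdlib-only Python sketch of that decision, using a constructed client registry (client_id and URIs are assumptions) and whole-string matching, followed by the state echo that RP-Initiated Logout passes back on the redirect.

```python
from typing import Dict, Optional, Set
from urllib.parse import urlencode, urlsplit

# Constructed client registry (an assumption of this example): client_id ->
# the post-logout redirect URIs the client registered at onboarding time.
REGISTERED_POST_LOGOUT_URIS: Dict[str, Set[str]] = {
    "rp-client": {"https://rp.example/loggedout", "https://rp.example/bye"},
}


def resolve_post_logout_redirect(client_id: Optional[str],
                                 requested_uri: Optional[str],
                                 registry: Dict[str, Set[str]] = REGISTERED_POST_LOGOUT_URIS
                                 ) -> Optional[str]:
    """Return requested_uri only if it is exactly one of the URIs registered for
    client_id; otherwise None, meaning "render the OP's own logged-out page".

    client_id is None when no valid id_token_hint identified the caller; there
    is then no registration to check against, so no redirect is followed.
    Matching is a whole-string comparison: no prefix, host-suffix or path
    normalisation rules, which is what closes the open-redirect variants.
    """
    if client_id is None or not requested_uri:
        return None
    if requested_uri not in registry.get(client_id, set()):
        return None
    parts = urlsplit(requested_uri)
    # Defence in depth: even a registered entry must be https and fragment-free.
    if parts.scheme != "https" or parts.fragment:
        return None
    return requested_uri


def build_logout_redirect(uri: str, state: Optional[str]) -> str:
    """Append the RP's state value (if any) as an encoded query parameter."""
    if not state:
        return uri
    separator = "&" if urlsplit(uri).query else "?"
    return uri + separator + urlencode({"state": state})
```

The variants a tester will try against such an endpoint (a registered URI with a traversal suffix, a registered host used as a prefix of an attacker host, an added query string, a case change in the host) all fail the exact-match test, and a request that carries a redirect URI but no usable id_token_hint is not redirected at all.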

Example 33 with Token

use of org.forgerock.oauth2.core.Token in project OpenAM by OpenRock.

the class IdentityManager method getClientIdentity.

/**
 * Gets a client's identity.
 *
 * @param clientName The client's name.
 * @param realm The client's realm.
 * @return The client's identity, or null if the client is deactivated.
 * @throws UnauthorizedClientException If the client's identity cannot be found.
 */
public AMIdentity getClientIdentity(String clientName, String realm) throws UnauthorizedClientException {
    final SSOToken token = AccessController.doPrivileged(AdminTokenAction.getInstance());
    final AMIdentity amIdentity;
    try {
        final AMIdentityRepository amIdRepo = new AMIdentityRepository(token, realm);
        final IdSearchControl idsc = new IdSearchControl();
        idsc.setRecursive(true);
        idsc.setAllReturnAttributes(true);
        // search for the identity
        idsc.setMaxResults(0);
        final IdSearchResults searchResults = amIdRepo.searchIdentities(IdType.AGENTONLY, clientName, idsc);
        final Set<AMIdentity> results = searchResults.getSearchResults();
        if (results == null || results.size() != 1) {
            logger.error("No client profile or more than one profile found.");
            throw new UnauthorizedClientException("Not able to get client from OpenAM");
        }
        amIdentity = results.iterator().next();
        //if the client is deactivated return null
        if (amIdentity.isActive()) {
            return amIdentity;
        } else {
            return null;
        }
    } catch (Exception e) {
        logger.error("Unable to get client AMIdentity: ", e);
        throw new UnauthorizedClientException("Not able to get client from OpenAM");
    }
}
Also used : SSOToken(com.iplanet.sso.SSOToken) IdSearchResults(com.sun.identity.idm.IdSearchResults) AMIdentity(com.sun.identity.idm.AMIdentity) UnauthorizedClientException(org.forgerock.oauth2.core.exceptions.UnauthorizedClientException) AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository) IdSearchControl(com.sun.identity.idm.IdSearchControl)

Example 34 with Token

use of org.forgerock.oauth2.core.Token in project OpenAM by OpenRock.

the class OpenAMClientDAO method read.

/**
 * {@inheritDoc}
 */
public Client read(String clientId, OAuth2Request request) throws UnauthorizedClientException {
    Map<String, Set<String>> clientAttributes = new HashMap<String, Set<String>>();
    try {
        AMIdentity theID = null;
        final SSOToken token = AccessController.doPrivileged(AdminTokenAction.getInstance());
        final String realm = request.getParameter(OAuth2Constants.Custom.REALM);
        AMIdentityRepository repo = idRepoFactory.create(realm, token);
        IdSearchControl idsc = new IdSearchControl();
        idsc.setRecursive(true);
        idsc.setAllReturnAttributes(true);
        // search for the identity
        Set<AMIdentity> results;
        idsc.setMaxResults(0);
        IdSearchResults searchResults = repo.searchIdentities(IdType.AGENTONLY, clientId, idsc);
        results = searchResults.getSearchResults();
        if (results == null || results.size() != 1) {
            logger.error("OpenAMClientDAO.read(): No client profile or more than one profile found.");
            throw new UnauthorizedClientException("Not able to get client from OpenAM");
        }
        theID = results.iterator().next();
        //if the client is deactivated, drop the identity; note that, unlike IdentityManager.getClientIdentity,
        //this method does not return null here: createClient is still called below with the empty attribute map
        if (!theID.isActive()) {
            theID = null;
        } else {
            clientAttributes = theID.getAttributes();
        }
    } catch (UnauthorizedClientException e) {
        logger.error("OpenAMClientDAO.read(): Unable to get client AMIdentity: ", e);
        throw new UnauthorizedClientException("Not able to get client from OpenAM");
    } catch (SSOException e) {
        logger.error("OpenAMClientDAO.read(): Unable to get client AMIdentity: ", e);
        throw new UnauthorizedClientException("Not able to get client from OpenAM");
    } catch (IdRepoException e) {
        logger.error("OpenAMClientDAO.read(): Unable to get client AMIdentity: ", e);
        throw new UnauthorizedClientException("Not able to get client from OpenAM");
    }
    Client client = createClient(clientAttributes);
    client.setClientID(clientId);
    return client;
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) SSOToken(com.iplanet.sso.SSOToken) HashMap(java.util.HashMap) IdSearchResults(com.sun.identity.idm.IdSearchResults) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException) AMIdentity(com.sun.identity.idm.AMIdentity) UnauthorizedClientException(org.forgerock.oauth2.core.exceptions.UnauthorizedClientException) AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository) IdSearchControl(com.sun.identity.idm.IdSearchControl) OAuth2Client(org.forgerock.oauth2.core.OAuth2Constants.OAuth2Client) Client(org.forgerock.openidconnect.Client)

Example 35 with Token

use of org.forgerock.oauth2.core.Token in project OpenAM by OpenRock.

the class IdTokenClaimGatherer method getRequestingPartyId.

@Override
public String getRequestingPartyId(OAuth2Request oAuth2Request, AccessToken authorizationApiToken, JsonValue claimToken) {
    try {
        SignedJwt idToken = jwtReconstruction.reconstructJwt(claimToken.asString(), SignedJwt.class);
        OAuth2ProviderSettings oAuth2ProviderSettings = oauth2ProviderSettingsFactory.get(oAuth2Request);
        OAuth2Uris oAuth2Uris = oAuth2UrisFactory.get(oAuth2Request);
        byte[] clientSecret = clientRegistrationStore.get(authorizationApiToken.getClientId(), oAuth2Request).getClientSecret().getBytes(Utils.CHARSET);
        KeyPair keyPair = oAuth2ProviderSettings.getServerKeyPair();
        if (!idToken.getClaimsSet().getIssuer().equals(oAuth2Uris.getIssuer())) {
            logger.warn("Issuer of id token, {0}, does not match issuer of authorization server, {1}.", idToken.getClaimsSet().getIssuer(), oAuth2Uris.getIssuer());
            return null;
        }
        if (!verify(clientSecret, keyPair, idToken)) {
            logger.warn("Signature of id token is invalid.");
            return null;
        }
        return idToken.getClaimsSet().getSubject();
    } catch (InvalidClientException e) {
        logger.error("Failed to find client", e);
        return null;
    } catch (NotFoundException | ServerException e) {
        logger.error("Failed to find OAuth2 settings", e);
        return null;
    }
}
Also used : KeyPair(java.security.KeyPair) ServerException(org.forgerock.oauth2.core.exceptions.ServerException) OAuth2Uris(org.forgerock.oauth2.core.OAuth2Uris) InvalidClientException(org.forgerock.oauth2.core.exceptions.InvalidClientException) NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException) SignedJwt(org.forgerock.json.jose.jws.SignedJwt) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings)
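The method above accepts a submitted ID token as a UMA claim token and, before trusting its subject, requires that the issuer equal this server's issuer and that verify(clientSecret, keyPair, idToken) accept the signature; those are the two checks visible in the snippet. The following is an added example, not OpenAM code, in stdlib-only Python for the HMAC case: it performs the same two checks and also the audience and expiry checks that a complete ID token validation needs, with the verification key chosen by the algorithm the verifier expects rather than by the token's own alg header, so a token claiming "none" or another algorithm is rejected before any key is consulted. The secret, issuer, client identifier, timestamps and claims are constructed fixtures, not OpenAM values.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_hs256_id_token(secret: bytes, claims: dict) -> str:
    """Compact JWS signed with HMAC-SHA256 (helper for producing test data)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signature = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(signature)}"


def tampered_copy(token: str, claims: dict) -> str:
    """Swap the payload but keep the original signature (an attacker's edit)."""
    header, _, signature = token.split(".")
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    return f"{header}.{payload}.{signature}"


def requesting_party_from_id_token(token: str, client_secret: bytes, expected_issuer: str,
                                   expected_client_id: str, now: Optional[float] = None,
                                   skew_seconds: int = 60) -> Optional[str]:
    """Return the token's sub if every check passes, else None.

    Order: parse -> algorithm -> signature -> iss -> aud -> exp -> sub. The key
    is chosen by the algorithm *we* expect (HS256 => the client secret); the
    token's alg header never selects between a secret and a public key.
    """
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, signature_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        signature = b64url_decode(signature_b64)
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(client_secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):  # constant-time comparison
        return None
    if claims.get("iss") != expected_issuer:
        return None
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else aud
    if not isinstance(audiences, list) or expected_client_id not in audiences:
        return None
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or now > exp + skew_seconds:
        return None
    sub = claims.get("sub")
    return sub if isinstance(sub, str) and sub else None


# Constructed fixtures (assumptions of this example, not OpenAM values).
CLIENT_SECRET = b"constructed-client-secret"
ISSUER = "https://op.example/oauth2"
CLIENT_ID = "rp-client"
NOW = 1_700_000_000
SAMPLE_CLAIMS = {"iss": ISSUER, "sub": "alice", "aud": CLIENT_ID, "exp": NOW + 300, "iat": NOW}
SAMPLE_TOKEN = mint_hs256_id_token(CLIENT_SECRET, SAMPLE_CLAIMS)
```

With the fixtures above, requesting_party_from_id_token(SAMPLE_TOKEN, CLIENT_SECRET, ISSUER, CLIENT_ID, now=NOW) returns "alice", while a payload swap via tampered_copy, a different secret, a different issuer or audience, an "alg": "none" header, or a clock past exp plus the skew all return None. For the RSA case the same structure applies with the signature step replaced by an RSA-PKCS1 or PSS verification against the server public key, still selected by the expected algorithm.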

Aggregations

ServerException (org.forgerock.oauth2.core.exceptions.ServerException): 33
JsonValue (org.forgerock.json.JsonValue): 22
AccessToken (org.forgerock.oauth2.core.AccessToken): 18
OAuth2Request (org.forgerock.oauth2.core.OAuth2Request): 18
NotFoundException (org.forgerock.oauth2.core.exceptions.NotFoundException): 18
CoreTokenException (org.forgerock.openam.cts.exceptions.CoreTokenException): 18
SSOException (com.iplanet.sso.SSOException): 16
OAuth2ProviderSettings (org.forgerock.oauth2.core.OAuth2ProviderSettings): 16
UnauthorizedClientException (org.forgerock.oauth2.core.exceptions.UnauthorizedClientException): 16
SSOToken (com.iplanet.sso.SSOToken): 13
AMIdentity (com.sun.identity.idm.AMIdentity): 12
IdRepoException (com.sun.identity.idm.IdRepoException): 11
Set (java.util.Set): 9
InvalidClientException (org.forgerock.oauth2.core.exceptions.InvalidClientException): 9
HashMap (java.util.HashMap): 8
HashSet (java.util.HashSet): 8
InvalidGrantException (org.forgerock.oauth2.core.exceptions.InvalidGrantException): 8
Test (org.testng.annotations.Test): 8
Map (java.util.Map): 6
AccessTokenVerifier (org.forgerock.oauth2.core.AccessTokenVerifier): 6